77 matches found
CVE-2024-46278
Teedy 1.11 is vulnerable to Cross Site Scripting XSS via the management console...
CVE-2024-54852
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...
CVE-2024-54851
Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...
📄 Teedy 1.11 Cross Site Scripting
Teedy version 1.11 suffers from a persistent cross site scripting vulnerability. Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io...
Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)
Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io/ Software Link: https://github.com/Tomblib0/Teedy Version: 1.11 Tested on: Linux...
CVE-2025-22963
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin...
CVE-2024-54852
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...
CVE-2024-54851
Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...
CVE-2024-54851
Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...
CVE-2024-54852
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...
CVE-2024-54851
Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...
PT-2025-3080 · Teedy · Teedy
Name of the Vulnerable Software and Affected Versions: Teedy versions 1.12 and earlier Description: The issue is related to Cross Site Request Forgery CSRF, which occurs due to the lack of CSRF protection. Recommendations: For Teedy versions 1.12 and earlier, as a temporary workaround, consider...
CVE-2024-54851
Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...
Teedy 安全漏洞
Teedy is a French Teedy open source open source, lightweight document management system for individuals and businesses. A security vulnerability exists in Teedy 1.12 and earlier versions, which stems from a lack of cross-site request forgery CSRF protection and vulnerability to cross-site request...
PT-2025-3081 · Teedy · Teedy
Name of the Vulnerable Software and Affected Versions: Teedy versions 1.9 through 1.12 Description: The issue arises when the LDAP connection is activated, allowing an unauthenticated attacker to exploit the username field of the login form due to improper sanitization of user input. This enables...
Teedy 安全漏洞
Teedy is an open source, lightweight document management system for individuals and businesses open-sourced by Teedy France. A security vulnerability exists in Teedy versions 1.9 through 1.12, which stems from improper cleanup of user input and allows an unauthenticated attacker to perform variou...
CVE-2024-54852
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...
CVE-2024-54852
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...
CVE-2024-54851
CVE-2024-54851 affects Teedy up to version 1.12, where CSRF protection is lacking, enabling CSRF attacks as described in multiple sources (CVSSv3.1: 8.8, HIGH). The vulnerability concerns the web UI flow and request handling, with no explicit exploitation details in the provided documents. Red Ha...
CVE-2024-54852
Teedy CVE-2024-54852 affects Teedy versions 1.9–1.12. The LDAP injection arises from improper sanitization of the username field in the LDAP login flow, enabling an unauthenticated attacker to perform actions such as creating arbitrary accounts and spraying passwords. Remediation: update LDAP han...